Definitions

The following terms used in this Manual and Legislation are defined as follows:

“The POPI Act”: The Protection of Personal Information Act, 4 of 2013, and includes any regulation under this Act.

“Automated means”: Any equipment capable of operating automatically in response to instructions given for the purpose of processing information.

“Biometrics”: A technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition.

“Body”: public or private body.

“Child”: A natural person under the age of 18 years who is not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him- or herself.

“Code of conduct”: A code of conduct issued by the Regulator in terms of Chapter 7 of the Act.

“Competent person”: Any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child.

“Consent”: Any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.

“Constitution”: The Constitution of the Republic of South Africa, 1996.

“Data subject”: The person to whom personal information relates.

“De-identify”: In relation to personal information of a data subject, means to delete any information that identifies the data subject, can be used or manipulated by a reasonably foreseeable method to identify the data subject, or can be linked by a reasonably foreseeable method to other information that identifies the data subject.

“Direct marketing”: To approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject, or requesting the data subject to make a donation of any kind for any reason.

“Electronic communication”: Any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient.

“Enforcement notice”: A notice issued by the Regulator to a responsible party in order to take certain action.

“Filing system”: Any structured set of information, whether centralised, decentralised or dispersed on a functional or geographical basis, which is accessible according to specific criteria.

“Head”: of, or in relation to, a private body means:

  1. in the case of a natural person, that natural person or any person duly authorised by that natural person;
  2. in the case of a partnership, any partner of the partnership or any person duly authorised by the partnership;
  3. in the case of a juristic person the chief executive officer or equivalent officer of the juristic person or any person duly authorised by that officer;

“Information matching programme”: The comparison, whether manually or by means of any electronic or other device, of any document that contains personal information about ten or more data subjects with one or more documents that contain personal information of ten or more data subjects, for the purpose of producing or verifying information that may be used for the purpose of taking any action in regard to an identifiable data subject.

“Minister”: The Cabinet member responsible for the administration of justice.

“Operator”: A person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party. This means that the information you process is not for your direct client, employee, supplier, etc. but rather that of another entity. For example, if you provide payroll services and as such process the information of another entity’s employees.

“Person”: A natural person or a juristic person.

“Personal information”: Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

  1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  2. information relating to the education or the medical, financial, criminal or employment history of the person;
  3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  4. the biometric information of the person;
  5. the personal opinions, views or preferences of the person;
  6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  7. the views or opinions of another individual about the person; and
  8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

“POPI”: Protection of Personal Information.

“POPIA”: Protection of Personal Information Act.

“PAIA”: Promotion of Access to Information Act.

“Prescribed”: Prescribed by regulation or by a code of conduct.

“Private body”:

  1. a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
  2. a partnership which carries or has carried on any trade, business or profession; or
  3. any former or existing juristic person but excludes a public body.

“Processing”: Any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:

  1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
  2. dissemination by means of transmission, distribution or making available in any other form; or
  3. merging, linking, as well as restriction, degradation, erasure or destruction of information.

“Professional legal adviser”: Any legally qualified person, whether in private practice or not, who lawfully provides a client, at his or her or its request, with independent, confidential legal advice.

“Public body”:

  1. any department of state or administration in the national or provincial sphere of government or any municipality in the local sphere of government; or
  2. any other functionary or institution when:
    1. exercising a power or performing a duty in terms of the Constitution or a provincial constitution; or
    2. exercising a public power or performing a public function in terms of any legislation.

“Public record”: A record that is accessible in the public domain and which is in the possession of or under the control of a public body, whether or not it was created by that public body.

“Record”: Any recorded information:

  1. regardless of form or medium, including any of the following:
    1. Writing on any material;
    2. information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
    3. label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
    4. book, map, plan, graph or drawing;
    5. photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
  2. in the possession or under the control of a responsible party;
  3. whether or not it was created by a responsible party; and
  4. regardless of when it came into existence.

“Regulator”: The Information Regulator established in terms of section 39 of the Act.

“Re-identify”: In relation to personal information of a data subject, means to resurrect any information that has been de-identified, that:

  1. identifies the data subject;
  2. can be used or manipulated by a reasonably foreseeable method to identify the data subject; or
  3. can be linked by a reasonably foreseeable method to other information that identifies the data subject.

“Re-identified” has a corresponding meaning.

“Republic”: The Republic of South Africa.

“Responsible party”: A public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

“Restriction”: To withhold from circulation, use or publication any personal information that forms part of a filing system, but not to delete or destroy such information.

“Special personal information”:

  1. the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or
  2. the criminal behaviour of a data subject to the extent that such information relates to:
    1. the alleged commission by a data subject of any offence; or
    2. any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.

“Unique identifier”: Any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party.

  1. INTRODUCTION
    1. The Protection of Personal Information Act, No. 4 of 2013 (the “POPI Act”) seeks to give effect to the constitutional right to privacy as contained in section 14 of the Bill of Rights and aims to:
      1. Promote the protection of personal information processed by public and private bodies;
      2. Introduce certain conditions so as to establish minimum requirements for the processing of personal information;
      3. Provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000;
      4. Provide for the issuing of codes of conduct;
      5. Provide for the rights of persons regarding unsolicited electronic communications and automated decision making;
      6. Regulate the flow of personal information across the borders of the Republic; and
      7. Provide for matters connected therewith.
    2. The POPI Act seeks to safeguard personal information by regulating the manner in which it may be processed by both public and private bodies.
    3. The POPI Act provides that data subjects have the right to have their personal information processed in accordance with the eight conditions for the lawful processing of personal information, namely:
      1. Accountability
      2. Processing Limitation
      3. Purpose Specification
      4. Further Processing Limitation
      5. Quality of Information
      6. Openness
      7. Information Security and Safeguards
      8. Data Subject Participation
  1. SCOPE AND PURPOSE OF THE MANUAL

NATURE ME NEW guarantees its commitment to protecting the privacy of its Data Subjects and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws. The Policy sets out the manner in which NATURE ME NEW deals with the personal information of data subjects and stipulates the purpose for which said information is used.

  1. ABOUT NATURE ME NEW  

NATURE ME NEW  insert info here.

Further general information on NATURE ME NEW, its operations and activities can be obtained from its website at [www.naturemenew.co.za].

  1. AVAILABILITY OF THE MANUAL

This manual is available for inspection on the NATURE ME NEW website at [www.naturemenew.co.za] and during normal business hours at the office of NATURE ME NEW, at:

The Centre of Integrative Medicine

2 Eaton Road

Bryanston

Johannesburg

  1. ACCOUNTABILITY
  1. APPOINTMENT OF AN INFORMATION OFFICER
  2. As a responsible party, NATURE ME NEW undertakes to ensure that the conditions for the lawful processing of personal information are complied with. This is done through the appointment of an information officer who will take responsibility and accountability for the provisions of the Act.
  1. NATURE ME NEW is a Sole Proprietorship and the responsibility for the administration of, and compliance with, the Act has been delegated to the [Position] of NATURE ME NEW [Person Name], who has accepted and acknowledged their role in this capacity and is aware of the accountability that comes with it.
  1. Annexure 1 sets out the responsibility and accountability of the Information Officer, as well as the formal acceptance as Information Officer.

Should there be a change in the designation of the Information Officer, the particulars will be updated. The details of the NATURE ME NEW Information Officer will be made available on the website of the Information Regulator at www.justice.gov.za/inforeg/.

  • Requests pursuant to the provisions of the POPI Act should be directed as follows:

Information Officer: Candice Castle

Postal address:

Centre for Integrative Medicine

2 Eaton Drive

Bryanston

Johannesburg

Street address:

Centre for Integrative Medicine

2 Eaton Drive

Bryanston

Johannesburg

Registered Address

42 Snipe Street Horison

Business phone: 071 895 1585

Cell phone: 081 396 7904

E-mail address: info@naturemenew.co.za

  1. PROCESSING LIMITATION  
  1. Section 9 of the POPI Act states that:

Personal information must be processed lawfully and in a reasonable manner that does not infringe the privacy of the data subject.

  1. Section 10 of the POPI Act states that:

Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.

  1. The purpose for which personal information is processed by NATURE ME NEW will depend on the nature of the information, and NATURE ME NEW undertakes that Personal Information will only be processed in the following circumstances:
    1. The data subject or a competent person where the data subject is a child consents to the processing;
    2. Processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
    3. Processing complies with an obligation imposed by law on the responsible party;
    4. Processing protects a legitimate interest of the data subject;
    5. Processing is necessary for the proper performance of a public law duty by a public body; or
    6. Processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
  1. In general, personal information is processed by NATURE ME NEW for business administration purposes, including but not limited to:
    1. Carrying out actions for the conclusion or performance of a contract;
    2. Complying with obligations imposed by law;
    3. Protecting the legitimate interests of the data subjects; or
    4. Pursuing the legitimate interests of NATURE ME NEW.

N.B. The above list is non-exhaustive.

  1. CATEGORIES OF DATA SUBJECTS AND INFORMATION
  2. NATURE ME NEW processes personal information relating to the following categories of data subjects:

CATEGORIES OF DATA SUBJECTS:

  • Personnel / employees;
  • Consultants;
  • Contractors;
  • Customers;
  • Investors;
  • Service providers;
  • Suppliers;
  • Other third parties with whom NATURE ME NEW  conducts business.

N.B. The above list is non-exhaustive.

  1. NATURE ME NEW processes personal information relating to the following categories of information:

In respect of natural persons, this may include:

  • Name,
  • Identifying number (identity or passport number),
  • Date of birth,
  • Citizenship,
  • Age,
  • Gender,
  • Race,
  • Marital status,
  • Language,
  • Telephone number(s),
  • Email address(es),
  • Physical and postal addresses,
  • Income tax number,
  • Banking information,
  • Disability information,
  • Employment history,
  • Background checks,
  • Fingerprints,
  • FICA documentation,
  • Curriculum Vitae,
  • Education history,
  • Remuneration and benefit information,
  • Details related to employee performance and disciplinary procedures.

In respect of juristic persons, this may include:

  • Name,
  • Registration number,
  • Tax information,
  • Contact details,
  • Physical and postal addresses,
  • FICA documentation,
  • BEE certificates,
  • Payment details (including bank accounts),
  • Invoices and contractual agreements.

N.B. The above lists are non-exhaustive.

  1. COLLECTION FOR A SPECIFIC PURPOSE
  2. Section 13 of the POPI Act states:

Personal information must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party.

Steps must be taken in accordance with section 18(1) to ensure that the data subject is aware of the purpose of the collection of the information unless the provisions of section 18(4) are applicable.

  1. NATURE ME NEW undertakes that the Data Subject's Personal Information will only be used for the purpose for which it was collected and as agreed, and this may include:
    • Carrying out actions for the conclusion or performance of a contract;
    • Providing products or services to data subjects/clients and to carry out the transactions requested;
    • Conducting credit reference searches or verification;
    • Confirming, verifying and updating data subjects' details;
    • Conducting market or customer satisfaction research;
    • For audit and record keeping purposes;
    • In connection with legal proceedings;
    • Providing NATURE ME NEW services to data subjects/clients, to render the services requested and to maintain and constantly improve the relationship;
    • In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.

N.B. The above list is non-exhaustive.

  1. RETENTION OF PERSONAL INFORMATION
  1. Subject to certain provisions of the POPI Act, records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed. NATURE ME NEW is required to comply with various legislative retention periods, which leads to different retention requirements. NATURE ME NEW has opted for the longest retention period required and will apply this to all our data. The personal information of Data Subjects will be kept for a period of 7 years in order for NATURE ME NEW to comply with all legal requirements.
  1. In the event that a data subject does not consent to their personal information being retained for a period of 7 years, the data subject must notify the Information Officer in writing.
  1. FURTHER PROCESSING LIMITATION
  2. NATURE ME NEW acknowledges the provisions of Section 15 of the POPI Act, in that further processing of personal information must be in accordance or compatible with the purpose for which it was collected in terms of section 13. NATURE ME NEW undertakes that, in the event that further processing is required, it will assess whether the further processing is compatible with the purpose of collection, and will take account of:
  1. The relationship between the purpose of the intended further processing and the purpose for which the information has been collected;
  2. The nature of the information concerned;
  3. The consequences of the intended further processing for the data subject;
  4. The manner in which the information has been collected; and
  5. Any contractual rights and obligations between the parties.
  1. INFORMATION QUALITY
  1. NATURE ME NEW will take all reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary.
  2. In taking the steps referred to above, NATURE ME NEW will have regard to the purpose for which personal information is collected or further processed.
  1. SECURITY SAFEGUARDS / SAFEGUARDING CLIENT INFORMATION

NATURE ME NEW strives to take appropriate, reasonable technical and organisational measures to secure the integrity and confidentiality of personal information in its possession or under its control. It is a requirement of the POPI Act to adequately protect personal information and NATURE ME NEW will continuously review its security controls and processes to ensure that personal information is secure.

  1. CATEGORIES OF RECIPIENTS TO WHOM THE PERSONAL INFORMATION MAY BE SUPPLIED

The categories of recipients to whom NATURE ME NEW may supply the personal information will depend on the nature of the information. In general, such categories of recipients would include:

  • Service providers;
  • Medical aid, pension or provident funds;
  • Auditing and accounting bodies (internal and external);
  • Third parties with whom the Companies have contracted for the retention of data;
  • Relevant authorities, government departments, statutory bodies or regulators;
  • A court, administrative or judicial forum, arbitration or statutory commission making a request in terms of the applicable laws or rules;
  • Any party who requires the information in order to carry out actions for the conclusion or performance of a contract.

N.B. The above list is non-exhaustive.

  1. OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION BY A DATA SUBJECT: REGULATION 2 – POPI REGULATIONS

A data subject may at any time object to the processing of his / her / its personal information (as contemplated in Section 11(3)(a) of the POPI Act) in the prescribed form attached to this manual as Annexure 2, subject to exceptions contained in the POPI Act.

  1. REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION: REGULATION 3 – POPI REGULATIONS

A Data Subject may request that his / her / its personal information be corrected or deleted (as contemplated in Section 24 of the POPI Act) in the prescribed form attached as Annexure 3.